
[Help] Experts, please help! HELP!

The system runs slowly, a QQ account-stealing trojan cannot be deleted, and the antivirus finds no virus.

Below is the log from an SRE scan:
2008-02-08,00:57:25
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - user with administrator rights - full functionality
The following were selected:
    All startup items (including registry, startup folder, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file
    Process privilege scan

Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe>  [Symantec Corporation]
    <360Main.exe><rem C:\PROGRA~1\360so\360Main.exe>  [360so]
    <CnsMin><rem Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32>  [北京三七二一科技有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\Windows\system32\userinit.exe,>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\downlo~1\cnshook.dll>  [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD"]
    <{94f833b0-726d-4d09-b715-6352f632ece7}><C:\WINDOWS\system32\QAB_QAB_1011.dll>  []
    <{9a8234b5-a04c-4b0c-ad8c-f4fdb94c9543}><C:\WINDOWS\system32\RAA_RAA_1002.dll>  []
    <{2f32e793-9263-4aa5-862f-da2480554715}><C:\WINDOWS\system32\JAA-JAA-1032.dll>  []
    <{4FA10261-B890-F432-A453-69F1023513F4}><C:\WINDOWS\Fonts\gjcsdyc.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
==================================
Startup folder
[腾讯QQ]
  <C:\Documents and Settings\IBM\「开始」菜单\程序\启动\腾讯QQ.lnk --> E:\QQ1\QQ.exe [TENCENT]><N>
==================================
Services
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[DefWatch / DefWatch][Running/Auto Start]
  <C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IBM PM Service / IBMPMSVC][Running/Auto Start]
  <C:\WINDOWS\system32\ibmpmsvc.exe><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server][Running/Auto Start]
  <C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[QCONSVC / QCONSVC][Running/Auto Start]
  <System32\QCONSVC.EXE><N/A>
==================================
Drivers
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
  <system32\DRIVERS\AGRSM.sys><Agere Systems>
[ALi Audio Accelerator WDM driver / aliadwdm][Running/Manual Start]
  <system32\drivers\ac97ali.sys><Acer Laboratories Inc.>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[ANC / ANC][Running/System Start]
  <System32\drivers\ANC.SYS><IBM Corp.>
[ATI2HDDSRV / ATI2HDDSRV][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\ati32srv.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom NetXtreme Fast Ethernet / b57w2k][Running/Manual Start]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[ATI Cabo AGP Filter / caboagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\atisgkaf.sys><ATI Technologies Inc.>
[CmdIde / CmdIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[CnsMinKP / CnsMinKP][Running/Boot Start]
  <\SystemRoot\system32\drivers\CnsMinKP.sys><国风因特软件(北京)有限公司>
[DeepFree Update / DeepFree Update][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\pcihdd2.sys><N/A>
[esotgbco / esotgbco][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\esotgbco.sys><Yahoo! China Corporation>
[IBMPMDRV / IBMPMDRV][Running/Manual Start]
  <system32\DRIVERS\ibmpmdrv.sys><IBM Corp.>
[IBMTPCHK / IBMTPCHK][Running/System Start]
  <System32\drivers\IBMBLDID.SYS><N/A>
[khkfseq / khkfseq][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\khkfseq.sys><N/A>
[MegaIDE / MegaIDE][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[msertk / msertk][Running/Auto Start]
  <system32\drivers\msyecp.sys><N/A>
[msskye / msskye][Running/Auto Start]
  <system32\drivers\msaclue.sys><N/A>
[NAVAP / NAVAP][Running/Manual Start]
  <\??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys><Symantec Corporation>
[NAVAPEL / NAVAPEL][Running/Auto Start]
  <\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS><Symantec Corporation>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050817.024\NAVENG.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050817.024\NAVEX15.sys><Symantec Corporation>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QCNDISIF / QCNDISIF][Stopped/Manual Start]
  <System32\drivers\qcndisif.SYS><IBM Corporation.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[IBM PS/2 TrackPoint Filter Driver / TwoTrack][Running/Manual Start]
  <system32\DRIVERS\TwoTrack.sys><IBM Corporation>
[ViaIde / ViaIde][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[yaskp / yaskp][Running/Boot Start]
  <\SystemRoot\system32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>

==================================
Browser add-ons
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v6.dll, >
[QQToolbar]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, yahoo! china>
[360搜]
  {472101C2-1109-43f4-9112-31F33E3F2127} <C:\Program Files\360so\360so.dll, >
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[]
  {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\SSup.dll, TENCENT>
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\downlo~1\cnshook.dll, 国风因特软件(北京)有限公司>
[yFlashDl Class]
  {F166BC04-3C84-44cc-A6E9-2315EC4844B9} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yflashdl.dll, Yahoo! China>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\Assistant\Assist\yassist.dll, Yahoo! China>
[解霸]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\HEROSOFT\Hero3000\MPLAYER.EXE, N/A>
[Yahoo 3.5G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
  {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[QQToolbar]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[V3ProX Control]
  {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} <C:\WINDOWS\DOWNLO~1\v3prox.ocx, Ahnlab, Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v6.dll, >
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, Tencent>
[QQToolbar]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[Yahoo!Photo]
  {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, yahoo! china>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[360搜]
  {472101C2-1109-43F4-9112-31F33E3F2127} <C:\Program Files\360so\360so.dll, >
[DragSearch BHO]
  {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[]
  {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\SSup.dll, TENCENT>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\downlo~1\cnshook.dll, 国风因特软件(北京)有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[yFlashDl Class]
  {F166BC04-3C84-44CC-A6E9-2315EC4844B9} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yflashdl.dll, Yahoo! China>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\Assistant\Assist\yassist.dll, Yahoo! China>
[&使用下载加速专家下载]
  <C:\Program Files\3721\Dlaccel\geturl.htm, N/A>
[添加到QQ表情]
  <E:\QQ1\AddEmotion.htm, N/A>
==================================
Running processes
[PID: 696 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 776 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4112]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 820 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 832 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 984 / SYSTEM][C:\WINDOWS\system32\ibmpmsvc.exe]  [N/A, ]
[PID: 1008 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4112]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2496]
[PID: 1020 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1176 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1288 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1360 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1472 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1600 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1760 / IBM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4112]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2496]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 1, 5]
    [C:\Windows\system32\HDDGuard.dll]  [N/A, ]
[PID: 1768 / IBM][C:\Windows\system32\userinit.exe]  [N/A, ]
    [C:\Windows\system32\HDDGuard.dll]  [N/A, ]
[PID: 1824 / IBM][C:\windows\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\QAB_QAB_1011.dll]  [N/A, ]
    [C:\WINDOWS\system32\RAA_RAA_1002.dll]  [N/A, ]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 1, 5]
    [C:\WINDOWS\system32\JAA-JAA-1032.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\gjcsdyc.dll]  [N/A, ]
    [C:\WINDOWS\downlo~1\cnshook.dll]  [国风因特软件(北京)有限公司, 2.5.1.8]
    [C:\Windows\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\system32\xunleibho_v6.dll]  [, 4, 4, 0, 31]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 3, 1, 2, 1013]
    [C:\Program Files\360so\360so.dll]  [, 1, 0, 2, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [yahoo! china, 3, 1, 1, 1013]
    [C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll]  [Xi, 1.60.11]
    [C:\Program Files\Xi\NetTransport 2\MFC42.DLL]  [Microsoft Corporation, 6.00.9782.0]
    [C:\PROGRA~1\Yahoo!\Assistant\Assist\yassist.dll]  [Yahoo! China, 3, 2, 3, 1029]
[PID: 1928 / IBM][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 1, 5]
    [C:\WINDOWS\downlo~1\CnsMinIO.dll]  [国风因特软件(北京)有限公司, 2.5.0.8]
    [C:\WINDOWS\downlo~1\cnsio.dll]  [国风因特软件(北京)有限公司, 2.5.0.6]
    [C:\Windows\system32\HDDGuard.dll]  [N/A, ]
[PID: 1976 / IBM][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe]  [Symantec Corporation, 8.1.0.821]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 1, 5]
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll]  [Symantec Corporation, 8.1.0.821]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  [Symantec/Peter Norton Group, 1, 0, 0, 1]
    [C:\Windows\system32\HDDGuard.dll]  [N/A, ]
[PID: 1984 / IBM][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 1, 5]
    [C:\Windows\system32\HDDGuard.dll]  [N/A, ]
[PID: 352 / SYSTEM][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe]  [Symantec Corporation, 8.1.0.821]
[PID: 416 / SYSTEM][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe]  [Symantec Corporation, 8.1.0.821]
    [C:\WINDOWS\system32\CBA.DLL]  [Intel(R) Corporation, 6.12.0.105 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [Intel(R) Corporation, 6.12.0.105 E]
    [C:\WINDOWS\system32\NTS.dll]  [Intel(R) Corporation, 6.12.0.105 E]
    [C:\WINDOWS\system32\PDS.DLL]  [Intel(R) Corporation, 6.12.0.105 E]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll]  [Symantec Corporation, 8.1.0.821]
    [C:\WINDOWS\system32\gnolnait.dll]  [N/A, ]
    [C:\WINDOWS\system32\niluw.dll]  [N/A, ]
    [C:\WINDOWS\system32\hjxr.dll]  [N/A, ]
    [C:\WINDOWS\system32\3auhad.dll]  [N/A, ]
    [C:\WINDOWS\system32\jemnaw.dll]  [N/A, ]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  [Symantec/Peter Norton Group, 1, 0, 0, 1]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll]  [Symantec Corporation, 8.1.0.821]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL]  [Symantec Corp., 4.2.0.7]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050817.024\NAVEX32a.DLL]  [Symantec Corporation, 20051.1.0.12]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050817.024\NAVENG32.DLL]  [Symantec Corporation, 20051.1.0.12]
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL]  [Symantec Corporation, 9.1.0.26]
[PID: 512 / SYSTEM][C:\WINDOWS\System32\QCONSVC.EXE]  [IBM Corp., 3, 7, 1, 0]
    [C:\WINDOWS\System32\gnolnait.dll]  [N/A, ]
    [C:\WINDOWS\System32\niluw.dll]  [N/A, ]
    [C:\WINDOWS\System32\hjxr.dll]  [N/A, ]
    [C:\WINDOWS\System32\3auhad.dll]  [N/A, ]
    [C:\WINDOWS\System32\jemnaw.dll]  [N/A, ]
[PID: 3116 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\gnolnait.dll]  [N/A, ]
    [C:\WINDOWS\System32\niluw.dll]  [N/A, ]
    [C:\WINDOWS\System32\hjxr.dll]  [N/A, ]
    [C:\WINDOWS\System32\3auhad.dll]  [N/A, ]
    [C:\WINDOWS\System32\jemnaw.dll]  [N/A, ]
[PID: 3024 / IBM][C:\Documents and Settings\IBM\桌面\TTraveler.exe]  [Tencent, 3, 8, 308, 201]
    [C:\WINDOWS\system32\gnolnait.dll]  [N/A, ]
    [C:\WINDOWS\system32\niluw.dll]  [N/A, ]
    [C:\WINDOWS\system32\hjxr.dll]  [N/A, ]
    [C:\WINDOWS\system32\3auhad.dll]  [N/A, ]
    [C:\WINDOWS\system32\jemnaw.dll]  [N/A, ]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 1, 5]
    [C:\WINDOWS\downlo~1\cnshook.dll]  [国风因特软件(北京)有限公司, 2.5.1.8]
    [C:\Windows\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\gjcsdyc.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3268 / IBM][C:\Documents and Settings\IBM\桌面\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\gnolnait.dll]  [N/A, ]
    [C:\WINDOWS\system32\niluw.dll]  [N/A, ]
    [C:\WINDOWS\system32\hjxr.dll]  [N/A, ]
    [C:\WINDOWS\system32\3auhad.dll]  [N/A, ]
    [C:\WINDOWS\system32\jemnaw.dll]  [N/A, ]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 1, 5]
    [C:\Windows\system32\HDDGuard.dll]  [N/A, ]
    [C:\Documents and Settings\IBM\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\Fonts\gjcsdyc.dll]  [N/A, ]
==================================
File associations
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock providers
N/A
==================================
Autorun.inf
[D:\]
[AutoRun]
open=IO.pif
shellexecute=IO.pif
[E:\]
[AutoRun]
open=IO.pif
shellexecute=IO.pif
==================================
HOSTS file
127.0.0.1       localhost
==================================
Process privilege scan
Special privilege enabled: SeDebugPrivilege [PID = 1976, C:\PROGRA~1\SYMANT~1\SYMANT~1\VPTRAY.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 1976, C:\PROGRA~1\SYMANT~1\SYMANT~1\VPTRAY.EXE]
Special privilege enabled: SeDebugPrivilege [PID = 3024, C:\DOCUMENTS AND SETTINGS\IBM\桌面\TTRAVELER.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 3024, C:\DOCUMENTS AND SETTINGS\IBM\桌面\TTRAVELER.EXE]
==================================
API HOOK
N/A
==================================
Hidden processes
N/A
==================================


[D:\]
[AutoRun]
open=IO.pif
shellexecute=IO.pif
[E:\]
[AutoRun]
open=IO.pif
shellexecute=IO.pif
Clean these out.
Uninstall 3721, and Xunlei (Thunder) has also been showing risks lately, so I'd suggest uninstalling it as well.

[ This post was last edited by pzping on 2008-2-8 11:27 ]


1. I recommend using XDelBox to delete the following files: (XDelBox 1.6 download)
Instructions: copy the paths of all the files to be deleted, right-click in the pending-deletion file list and choose Import from clipboard; after importing, right-click the files to delete and choose Reboot and delete now. The computer will restart into a DOS screen and perform the deletion. Before running XDelBox it is best to unplug all removable storage media (including USB flash drives, MP3 players, phone memory cards, etc.).


c:\windows\system32\ibmpmsvc.exe
c:\windows\downlo~1\cnsmin.dll
c:\windows\system32\hddguard.dll
c:\progra~1\yahoo!\assist~1\assist\ydrags~1.dll
c:\progra~1\yahoo!\assist~1\assist\yphtb.dll
c:\progra~1\yahoo!\assistant\assist\yassist.dll
c:\windows\downlo~1\cnshook.dll
c:\windows\fonts\gjcsdyc.dll
c:\windows\system32\jaa-jaa-1032.dll
c:\windows\system32\qab_qab_1011.dll
c:\windows\system32\raa_raa_1002.dll
c:\windows\system32\xunleibho_v6.dll
c:\windows\downlo~1\cnsminio.dll
c:\windows\downlo~1\cnsio.dll
c:\windows\system32\3auhad.dll
c:\windows\system32\gnolnait.dll
c:\windows\system32\hjxr.dll
c:\windows\system32\jemnaw.dll
c:\windows\system32\niluw.dll
c:\windows\downlo~1\cnsmin.dll
c:\windows\system32\drivers\msaclue.sys
c:\windows\system32\drivers\msyecp.sys
c:\windows\system32\drivers\khkfseq.sys
c:\windows\system32\drivers\pcihdd2.sys
c:\windows\system32\drivers\ati32srv.sys
c:\windows\system32\drivers\cnsminkp.sys
c:\windows\system32\drivers\esotgbco.sys
c:\windows\system32\drivers\yaskp.sys
c:\program files\3721\dlaccel\geturl.htm
c:\program files\360so\360so.dll
c:\windows\system32\ssup.dll
c:\progra~1\yahoo!\assist~1\assist\yflashdl.dll
c:\progra~1\yahoo!\assistant\assist\yasbar.dll
c:\windows\downlo~1\v3prox.ocx
c:\program files\tencent\qqtoolbar\iebar.dll
c:\progra~1\yahoo!\assist~1\assist\yangling.dll
d:\autorun.inf
d:\IO.pif
e:\autorun.inf
e:\IO.pif
2. After deleting and rebooting, use SREng to repair the following items:

    Startup items -- Registry: delete the following entries:
[{4FA10261-B890-F432-A453-69F1023513F4}]    <C:\WINDOWS\Fonts\gjcsdyc.dll>
[{2f32e793-9263-4aa5-862f-da2480554715}]    <C:\WINDOWS\system32\JAA-JAA-1032.dll>
[{9a8234b5-a04c-4b0c-ad8c-f4fdb94c9543}]    <C:\WINDOWS\system32\RAA_RAA_1002.dll>
[{94f833b0-726d-4d09-b715-6352f632ece7}]    <C:\WINDOWS\system32\QAB_QAB_1011.dll>

    Startup items -- Services -- Drivers: disable the following entries:
[msskye / msskye]    <system32\drivers\msaclue.sys>
[msertk / msertk]    <system32\drivers\msyecp.sys>
[khkfseq / khkfseq]    <\SystemRoot\\SystemRoot\System32\drivers\khkfseq.sys>
[DeepFree Update / DeepFree Update]    <\??\C:\WINDOWS\system32\drivers\pcihdd2.sys>
[ATI2HDDSRV / ATI2HDDSRV]    <\??\C:\WINDOWS\system32\drivers\ati32srv.sys>
[CnsMinKP / CnsMinKP]    <\SystemRoot\system32\drivers\CnsMinKP.sys>
[esotgbco / esotgbco]    <\SystemRoot\System32\DRIVERS\esotgbco.sys>
[yaskp / yaskp]    <\SystemRoot\system32\drivers\yaskp.sys>

    System Repair -- Browser add-ons: delete the following entries:
[ThunderIEHelper Class]    <C:\WINDOWS\system32\xunleibho_v6.dll>
[ThunderIEHelper Class]    <C:\WINDOWS\system32\xunleibho_v6.dll>
[&使用下载加速专家下载]    <C:\Program Files\3721\Dlaccel\geturl.htm>
[360搜]    <C:\Program Files\360so\360so.dll>
[]    <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean>
[]    <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair>
[情景聊天]    <http://cn.rd.yahoo.com/home/mess ... essenger.yahoo.com/>
[雅虎WIDGET]    <http://cn.widget.yahoo.com/index.htm?source=Cns>
[雅虎助手]    <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist>
[名品折扣]    <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138>
[Yahoo 3.5G电邮]    <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail>
[360搜]    <C:\Program Files\360so\360so.dll>
[]    <C:\WINDOWS\system32\SSup.dll>
[CnsHook Class]    <C:\WINDOWS\downlo~1\cnshook.dll>
[yFlashDl Class]    <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yflashdl.dll>
[雅虎助手]    <C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll>
[V3ProX Control]    <C:\WINDOWS\DOWNLO~1\v3prox.ocx>
[assist]    <C:\PROGRA~1\Yahoo!\Assistant\Assist\yassist.dll>
[QQToolbar]    <C:\Program Files\Tencent\QQToolbar\IEBar.dll>
[Yahoo!Photo]    <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll>
[AntiFish Class]    <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll>
[雅虎助手]    <C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll>
[Yahoo!Photo]    <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll>
[DragSearch BHO]    <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL>
[yFlashDl Class]    <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yflashdl.dll>
[assist]    <C:\PROGRA~1\Yahoo!\Assistant\Assist\yassist.dll>
[CnsHook Class]    <C:\WINDOWS\downlo~1\cnshook.dll>
[DragSearch BHO]    <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL>



Replace the USERINIT.exe file

Repair the file associations
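Both replies above are read off the same SREng log: the first points at the Autorun.inf launch lines on D: and E:, the second turns the log's publisher-less modules, drivers and ShellExecuteHooks into a one-path-per-line list for XDelBox. The script below is an added example (mine, not part of the thread, and not code from SREng, XDelBox or the posters) that automates that reading. It embeds an excerpt copied from the posted log and flags four things: registry startup values whose publisher field is empty, services and drivers whose publisher is N/A, publisher-less modules loaded into at least two different processes (in the posted log gnolnait.dll and niluw.dll sit inside Rtvscan.exe, QCONSVC.EXE and alg.exe, while HDDGuard.dll in one process stays below the threshold), and drives whose Autorun.inf carries open= or shellexecute= lines. It then normalizes paths the way the second reply did (drop the \??\ prefix, expand \SystemRoot\, including the doubled one on khkfseq.sys, prefix bare system32\ paths with C:\WINDOWS) and returns the sorted list. The min_hosts threshold, the C:\WINDOWS default and the choice of excerpt are my assumptions. A missing version resource is a weak signal: the same rule flags the log's "IBM PM Service" binary, so the output is a starting point for a person, not an automatic delete.

```python
"""Triage an SREng (System Repair Engineer) log into an XDelBox deletion list.
Added example for this thread; not code from SREng, XDelBox or the posters."""
import re
from collections import defaultdict
# Excerpt copied from the log posted above (paths and publisher fields as printed there).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\downlo~1\cnshook.dll>  [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD"]
    <{94f833b0-726d-4d09-b715-6352f632ece7}><C:\WINDOWS\system32\QAB_QAB_1011.dll>  []
    <{4FA10261-B890-F432-A453-69F1023513F4}><C:\WINDOWS\Fonts\gjcsdyc.dll>  []
==================================
[IBM PM Service / IBMPMSVC][Running/Auto Start]
  <C:\WINDOWS\system32\ibmpmsvc.exe><N/A>
[khkfseq / khkfseq][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\khkfseq.sys><N/A>
[msertk / msertk][Running/Auto Start]
  <system32\drivers\msyecp.sys><N/A>
==================================
[PID: 416 / SYSTEM][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe]  [Symantec Corporation, 8.1.0.821]
    [C:\WINDOWS\system32\gnolnait.dll]  [N/A, ]
    [C:\WINDOWS\system32\niluw.dll]  [N/A, ]
[PID: 512 / SYSTEM][C:\WINDOWS\System32\QCONSVC.EXE]  [IBM Corp., 3, 7, 1, 0]
    [C:\WINDOWS\System32\gnolnait.dll]  [N/A, ]
    [C:\WINDOWS\System32\niluw.dll]  [N/A, ]
[PID: 3116 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\gnolnait.dll]  [N/A, ]
    [C:\WINDOWS\System32\niluw.dll]  [N/A, ]
    [C:\Windows\system32\HDDGuard.dll]  [N/A, ]
==================================
[D:\]
[AutoRun]
open=IO.pif
shellexecute=IO.pif
"""

REG_KEY = re.compile(r'^\[(HKEY_[^\]]+)\]$')
REG_VAL = re.compile(r'^\s+<([^>]*)><([^>]*)>\s+\[(.*)\]$')           # <name><path>  [publisher]
PROC    = re.compile(r'^\[PID: (\d+) / ([^\]]+)\]\[([^\]]+)\]')         # [PID: n / user][image]
MODULE  = re.compile(r'^\s+\[([^\]]+)\]\s+\[(.*)\]$')                   # [path]  [publisher, version]
SVC_HDR = re.compile(r'^\[(.+?) / ([^\]]+)\]\[([^/\]]+)/([^\]]+)\]$')   # [display / name][state/start]
SVC_IMG = re.compile(r'^\s+<([^>]*)><([^>]*)>$')                        # <image><publisher>
DRIVE   = re.compile(r'^\[([A-Za-z]:\\)\]$')
AUTORUN = re.compile(r'^(open|shellexecute)=(.+)$', re.IGNORECASE)

def vendor_unknown(field: str) -> bool:
    """SREng prints '' or 'N/A' as the publisher when the file has no version resource."""
    return field.split(',')[0].strip() in ('', 'N/A')

def normalize(path: str, windir: str = r'C:\WINDOWS') -> str:
    """Map the kernel/registry spellings SREng prints onto plain lowercase Win32 paths,
    the form XDelBox takes; assumes the system drive is C:, as in the posted log."""
    if path.startswith('\\??\\'):
        path = path[4:]
    while path.lower().startswith('\\systemroot\\'):    # the log shows this prefix doubled once
        path = path[len('\\systemroot\\'):]
    if not re.match(r'^[A-Za-z]:\\', path):            # bare system32\... is relative to %SystemRoot%
        path = windir + '\\' + path
    return path.lower()

def triage(log_text: str, min_hosts: int = 2) -> dict:
    """Collect unsigned startup values, unsigned services/drivers, unsigned modules seen in
    at least min_hosts processes, and Autorun.inf launch lines."""
    findings = {'startup': [], 'drivers': [], 'injected': [], 'autorun': []}
    hosts = defaultdict(set)                   # lowercase module path -> host process images
    key = proc = svc = drive = None
    for line in log_text.splitlines():
        if m := REG_KEY.match(line):
            key = m.group(1)
        elif m := PROC.match(line):
            proc = m.group(3)
        elif m := MODULE.match(line):
            path, vendor = m.groups()
            if vendor_unknown(vendor):
                hosts[path.lower()].add(proc)
        elif m := REG_VAL.match(line):
            name, path, vendor = m.groups()
            if path and vendor_unknown(vendor):
                findings['startup'].append(((key or '').rsplit('\\', 1)[-1], name, path))
        elif m := SVC_HDR.match(line):
            svc = m.groups()                   # (display name, service name, state, start type)
        elif (m := SVC_IMG.match(line)) and svc:
            path, vendor = m.groups()
            if vendor_unknown(vendor):
                findings['drivers'].append((svc[1], path, f'{svc[2]}/{svc[3]}'))
            svc = None
        elif m := DRIVE.match(line):
            drive = m.group(1)
        elif (m := AUTORUN.match(line)) and drive:
            findings['autorun'].append((drive, m.group(1).lower(), m.group(2).strip()))
    findings['injected'] = [(p, sorted(h)) for p, h in hosts.items() if len(h) >= min_hosts]
    return findings

def deletion_list(findings: dict) -> list:
    """Unique normalized paths, one per line, as XDelBox imports them from the clipboard."""
    paths = {normalize(p) for _, _, p in findings['startup']}
    paths |= {normalize(p) for _, p, _ in findings['drivers']}
    paths |= {normalize(p) for p, _ in findings['injected']}
    for drive, _, target in findings['autorun']:
        paths |= {(drive + 'autorun.inf').lower(), (drive + target).lower()}
    return sorted(paths)

if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    print('\n'.join(deletion_list(result)))
```

Run against the full posted log, the same rules reproduce most of the second reply's list; what they cannot do is tell a file with no version resource from a malicious one, which is why the reply also keeps the startup-entry and driver cleanup as separate SREng steps after the reboot deletion.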
